June 25, 2024 at 02:12PM
The Polyfill.io service, used by over 100,000 sites, was compromised in a supply chain attack after being acquired by a Chinese company, leading to injection of malicious code. Cloudflare and Fastly set up mirrors to mitigate the risk, and Google warned advertisers of the issue impacting landing pages and causing unauthorized redirects.
Over 100,000 sites have been impacted in a supply chain attack involving the Polyfill.io service. The attack occurred after a Chinese company acquired the domain and modified the script to introduce malicious code on websites that load it. As a result, visitors were redirected to scam sites without the knowledge or permission of the website owners.
The original developer of the Polyfill.io service has cautioned websites to remove it immediately to reduce the risk of a potential supply chain attack. Cloudflare and Fastly have also set up their own mirrors of the Polyfill.io service to provide a trusted alternative.
Google has issued warnings to advertisers about the supply chain attack, notifying them that their landing pages may include the malicious code and could lead to unwanted redirects. The redirects have been traced back to several third-party web resource providers, including Polyfill.io, Bootcss.com, Bootcdn.net, and Staticfile.org.
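To act on the advice above, a site owner first needs to know which pages still load resources from the named providers. The following is an added example, not part of the original report: it scans HTML for script and stylesheet references to the four domains listed here. The sample page and its URL paths are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in the report as sources of the unwanted redirects.
FLAGGED_DOMAINS = ("polyfill.io", "bootcss.com", "bootcdn.net", "staticfile.org")

def flagged_domain(url):
    """Return the flagged domain a URL's host belongs to, or None."""
    try:
        # urlsplit also handles protocol-relative URLs (//host/path).
        host = (urlsplit(url.strip()).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    for domain in FLAGGED_DOMAINS:
        # Match the domain itself or any subdomain, never a mere suffix
        # of another name (notpolyfill.io) or a path component.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

class _RefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # <script src> and <link href> both pull in third-party resources.
        wanted = {"script": "src", "link": "href"}.get(tag)
        for name, value in attrs:
            if name == wanted and value and flagged_domain(value):
                self.hits.append((self.getpos()[0], tag, value, flagged_domain(value)))

def find_flagged_references(html):
    """Return (line, tag, url, domain) for each reference to a flagged domain."""
    parser = _RefCollector()
    parser.feed(html)
    parser.close()
    return parser.hits

# Constructed sample page: three flagged includes, two look-alikes that must pass.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script src="//cdn.bootcss.com/jquery/3.4.1/jquery.min.js"></script>
<link rel="stylesheet" href="https://cdn.staticfile.org/x/x.css">
<script src="https://example.com/polyfill.io/app.js"></script>
<script src="https://notpolyfill.io/lib.js"></script>
</head></html>"""

if __name__ == "__main__":
    for line, tag, url, domain in find_flagged_references(SAMPLE_HTML):
        print(f"line {line}: <{tag}> loads {url} ({domain})")
```

This only sees references present in the static HTML; includes added at runtime by other scripts or tag managers need a browser-level check such as reviewing network requests.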
Furthermore, the attack involves specific targeting, and the modified script includes protective measures against reverse engineering, making it difficult for researchers to fully analyze. It also delays execution in the presence of web analytics services.
It’s important for companies and advertisers to be vigilant and take necessary precautions to mitigate the impact of this supply chain attack on their websites and online advertisements.